Remove unnecessary calls to the database for user and permission metadata.
This commit is contained in:
yackob03
parent
13298be5d3
commit
959016a6eb
5 changed files with 58 additions and 39 deletions
|
|
@ -1,13 +1,12 @@
|
|||
import logging
|
||||
|
||||
from flask.ext.principal import identity_loaded, UserNeed, Permission
|
||||
from flask.ext.login import current_user
|
||||
from flask.ext.principal import (identity_loaded, UserNeed, Permission,
|
||||
Identity, identity_changed)
|
||||
from collections import namedtuple
|
||||
from functools import partial
|
||||
|
||||
from data import model
|
||||
from app import app
|
||||
from auth import get_authenticated_user, get_validated_token
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
|
@ -17,6 +16,29 @@ _ResourceNeed = namedtuple('resource', ['type', 'namespace', 'name', 'role'])
|
|||
_RepositoryNeed = partial(_ResourceNeed, 'repository')
|
||||
|
||||
|
||||
class QuayDeferredPermissionUser(Identity):
|
||||
def __init__(self, id, auth_type=None):
|
||||
super(QuayDeferredPermissionUser, self).__init__(id, auth_type)
|
||||
|
||||
self._permissions_loaded = False
|
||||
|
||||
def can(self, permission):
|
||||
if not self._permissions_loaded:
|
||||
logger.debug('Loading user permissions after deferring.')
|
||||
user_object = model.get_user(self.id)
|
||||
|
||||
for user in model.get_all_user_permissions(user_object):
|
||||
grant = _RepositoryNeed(user.repositorypermission.repository.namespace,
|
||||
user.repositorypermission.repository.name,
|
||||
user.repositorypermission.role.name)
|
||||
logger.debug('User added permission: {0}'.format(grant))
|
||||
self.provides.add(grant)
|
||||
|
||||
self._permissions_loaded = True
|
||||
|
||||
return super(QuayDeferredPermissionUser, self).can(permission)
|
||||
|
||||
|
||||
class ModifyRepositoryPermission(Permission):
|
||||
def __init__(self, namespace, name):
|
||||
admin_need = _RepositoryNeed(namespace, name, 'admin')
|
||||
|
|
@ -50,18 +72,12 @@ def on_identity_loaded(sender, identity):
|
|||
logger.debug('Identity loaded: %s' % identity)
|
||||
# We have verified an identity, load in all of the permissions
|
||||
|
||||
if identity.auth_type == 'username':
|
||||
logger.debug('Computing permissions for user: %s' % identity.id)
|
||||
if isinstance(identity, QuayDeferredPermissionUser):
|
||||
logger.debug('Deferring permissions for user: %s' % identity.id)
|
||||
|
||||
user_object = model.get_user(identity.id)
|
||||
|
||||
identity.provides.add(UserNeed(user_object.username))
|
||||
for user in model.get_all_user_permissions(user_object):
|
||||
grant = _RepositoryNeed(user.repositorypermission.repository.namespace,
|
||||
user.repositorypermission.repository.name,
|
||||
user.repositorypermission.role.name)
|
||||
logger.debug('User added permission: {0}'.format(grant))
|
||||
identity.provides.add(grant)
|
||||
elif identity.auth_type == 'username':
|
||||
switch_to_deferred = QuayDeferredPermissionUser(identity.id, 'username')
|
||||
identity_changed.send(app, identity=switch_to_deferred)
|
||||
|
||||
elif identity.auth_type == 'token':
|
||||
logger.debug('Computing permissions for token: %s' % identity.id)
|
||||
|
|
|
|||
Reference in a new issue